Debian Package Tracker

general

source: libidn2 (main)
version: 2.2.0-2
maintainer: Debian Libidn team (DMD)
uploaders: Ondřej Surý [DMD] – Simon Josefsson [DMD]
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

old-bpo: 2.0.5-1~bpo9+1
stable: 2.0.5-1
testing: 2.2.0-2
unstable: 2.2.0-2

versioned links

2.0.5-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

idn2
libidn2-0
libidn2-0-dev
libidn2-dev
libidn2-doc

action needed

A new upstream version is available: 2.3.0 high

A new upstream version 2.3.0 is available, you should consider packaging it.

Created: 2019-11-18 Last update: 2019-12-10 21:06

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2019-12290: GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
CVE-2019-18224: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

Please fix them.

Created: 2019-10-23 Last update: 2019-10-26 15:39

lintian reports 3 errors and 3 warnings high

Lintian reports 3 errors and 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-21 Last update: 2019-09-30 01:14

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-12-10 22:03

Depends on packages which need a new maintainer normal

The packages that libidn2 depends on which need a new maintainer are:

dblatex (#942402)
- Build-Depends-Indep: dblatex

Created: 2019-11-22 Last update: 2019-12-10 20:46

23 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 25d6df232349decc6db1df05257b4fa8d6b801f9
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Sep 11 08:58:20 2019 +0200

    Update changelog for 2.2.0-2 release

commit 246fd43360c42abc65293b8562b2b91a8788671f
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Sep 11 08:58:10 2019 +0200

    Restore exporting _idn2_punycode_decode@IDN2_0.0.0 0.6 and _idn2_punycode_encode@IDN2_0.0.0 0.6 to retain ABI compatibility

commit d99ea167f389780712a3433f36b1a2c7cd6a5ff3
Author: Ondřej Surý <ondrej@debian.org>
Date:   Wed Sep 11 08:45:48 2019 +0200

    Correctly bump the library interface after removing the interfaces

commit 20e04735c3d234926e82fef0905d0769ff2d4449
Author: Ondřej Surý <ondrej@debian.org>
Date:   Tue Sep 10 15:26:37 2019 +0200

    Normalize d/ with wrap-and-sort -a

commit a9d72f5381293fef1b10a58a2e1af6b9bb29ea22
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:55:49 2019 +0200

    Make libidn2-doc Multi-Arch: foreign.

commit ab10319f54c98777187aa089337deac16bb26cc3
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:50:17 2019 +0200

    Release 2.2.0-1.

commit e9cff55a198e649a07a6d97ad889d33d3b930109
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:43:41 2019 +0200

    Ignore idn2.1 diff.

commit cee02a244ba8b9028c9cf97c9144592b46e377e2
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:30:22 2019 +0200

    Drop --parallel and --with autoreconf. Drop Build-Depends on dh-autoreconf.

commit 217d231a2ff7fd24a920148c92a3b0fa3c8f4d88
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:25:25 2019 +0200

    Drop dh --fail-missing (now default).

commit eff41185fb310cda0dace9a9de4308e652692b2d
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:25:04 2019 +0200

    Drop help2man b-d.  Closes: #929879.

commit 1b403ab364df1bf24f4c4ed3beeeab80f82e3523
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:24:53 2019 +0200

    Update and cleanup upstream signing keys.  Closes: #882581.

commit f22b248c422bcf0bd20a528d332bfe0b0efd62f0
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:17:46 2019 +0200

    Add Build-Depends-Package to symbols file.

commit bd456819c15e7e7b6cbcd02eef33d8188ff3910f
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:15:43 2019 +0200

    Standards-Version 4.4.0. Compat 12.

commit bc99245e7d8420c2c4b3c72b2ca1904b7efe2453
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:14:35 2019 +0200

    Update libidn2-0.symbols.

commit 61edb55367fea383ca1396ff6ebd562c2b18bfa7
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:14:22 2019 +0200

    New upstream version 2.2.0.

commit 7efcf0b26860bfd7ddf0c430fd6319d5fbe9c64e
Merge: 0fee9a0 3b14763
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:13:57 2019 +0200

    Update upstream source from tag 'upstream/2.2.0'
    
    Update to upstream version '2.2.0'
    with Debian dir 122c200b5535967ddc812cd6fd049613a33cf826

commit 3b147631af1f61dc07ff445995ab6e392a4b22d8
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 09:13:46 2019 +0200

    New upstream version 2.2.0

commit 0fee9a0224c91c6f2e511c854b79da67163bec5d
Merge: 2acd19f 851d98b
Author: Simon Josefsson <simon@josefsson.org>
Date:   Sun Jul 21 07:00:14 2019 +0000

    Merge branch 'bug882581' into 'master'
    
    Update and cleanup upstream signing keys
    
    See merge request debian/libidn2!1

commit 2acd19f8c4d26b58d46c06054c0d99f1b1713178
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 09:38:49 2018 +0200

    d/copyright: Use https protocol in Format field

commit 74dd609afb154480b3f283643a90ecd6594fb451
Merge: 4453c28 a2fd6d1
Author: Ondřej Surý <ondrej@debian.org>
Date:   Fri Aug 31 15:25:12 2018 +0200

    Merge tag 'upstream/2.0.5'
    
    Upstream version 2.0.5
    
    # gpg: Signature made Fri Aug 31 15:25:11 2018 CEST
    # gpg:                using RSA key C361B1E3029543EBC625E97D8372A477EFAE59C2
    # gpg: Good signature from "Ondřej Surý <ondrej@sury.org>" [ultimate]
    # gpg:                 aka "Ondřej Surý <ondrej@debian.org>" [ultimate]
    # gpg:                 aka "Ondřej Surý <ondrej@isc.org>" [ultimate]
    # Primary key fingerprint: 30B9 33D8 0FCE 3D98 1A2D  38FB 0C99 B70E F4FC BB07
    #      Subkey fingerprint: C361 B1E3 0295 43EB C625  E97D 8372 A477 EFAE 59C2

commit a2fd6d182760e6db08b46487bc8597af2c67e54a
Author: Ondřej Surý <ondrej@debian.org>
Date:   Fri Aug 31 15:25:00 2018 +0200

    New upstream version 2.0.5

commit 45e28e587a1f7ef477d437b32eafc34b311a31d1
Author: Ondřej Surý <ondrej@debian.org>
Date:   Fri Aug 31 15:23:35 2018 +0200

    Revert "New upstream version 2.0.5"
    
    This reverts commit d23e15c0ecc150825c53b0c93577dac45ef7883f.

commit 851d98bfe043b6d2839277243a7c82463c556995
Author: Bernhard Schmidt <berni@debian.org>
Date:   Mon Jul 30 00:23:37 2018 +0200

    Update and cleanup upstream signing keys
    
    Closes: #882581

Created: 2018-08-31 Last update: 2019-12-09 19:47

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2019-09-29 23:40

news

[rss feed]

[2019-09-16] libidn2 2.2.0-2 MIGRATED to testing (Debian testing watch)
[2019-09-11] Accepted libidn2 2.2.0-2 (source) into unstable (Ondřej Surý)
[2019-07-26] libidn2 2.2.0-1 MIGRATED to testing (Debian testing watch)
[2019-07-21] Accepted libidn2 2.2.0-1 (source) into unstable (Simon Josefsson)
[2018-09-28] Accepted libidn2 2.0.5-1~bpo9+1 (source) into stretch-backports (Bernhard Schmidt)
[2018-09-05] libidn2 2.0.5-1 MIGRATED to testing (Debian testing watch)
[2018-08-31] Accepted libidn2 2.0.5-1 (source) into unstable (Ondřej Surý)
[2018-08-21] Accepted libidn2 2.0.4-2.2~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Bernhard Schmidt)
[2018-08-04] libidn2 2.0.4-2.2 MIGRATED to testing (Debian testing watch)
[2018-07-29] Accepted libidn2 2.0.4-2.2 (source) into unstable (Bernhard Schmidt)
[2018-07-26] Accepted libidn2 2.0.4-2.1 (source) into unstable (Bernhard Schmidt)
[2017-11-29] libidn2 2.0.4-1.1 MIGRATED to testing (Debian testing watch)
[2017-11-24] Accepted libidn2 2.0.4-1.1 (source) into unstable (Simon McVittie)
[2017-11-16] Accepted libidn2 2.0.4-1 (source amd64 all) into unstable, unstable (Ondřej Surý)
[2017-11-16] Accepted libidn2 2.0.3-1 (source amd64 all) into unstable, unstable (Simon Josefsson)

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian (3, 3)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.2.0-2
1 bug (1 patch)