From d381c0bb14cd7896a6a9227b5abbcf1c2f086495 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 9 Jul 2021 09:27:11 -0400
Subject: [PATCH] idna: fix OOB read in punycode decoder
Resolves: CVE-2021-22918
Signed-off-by: Stephen Gallagher
---
 .gitignore | 1 +
 libuv.spec | 6 +++++-
 sources | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 9235ffd..dbd2885 100644
--- a/.gitignore
+++ b/.gitignore
@@ -75,3 +75,4 @@ libuv-v*/
 /libuv-v1.39.0.tar.gz
 /libuv-v1.40.0.tar.gz
 /libuv-v1.41.0.tar.gz
+/libuv-v1.41.1.tar.gz
diff --git a/libuv.spec b/libuv.spec
index cdce2e6..2d38f16 100644
--- a/libuv.spec
+++ b/libuv.spec
@@ -5,7 +5,7 @@
 Name: libuv
 Epoch: 1
-Version: 1.41.0
+Version: 1.41.1
 Release: 1%{?dist}
 Summary: Platform layer for node.js
@@ -81,6 +81,10 @@ install -Dm0644 -t %{buildroot}%{_libdir}/libuv/ %{SOURCE3}
 %{_libdir}/%{name}.a
 %changelog
+* Fri Jul 09 2021 Stephen Gallagher - 1.41.1-1
+- idna: fix OOB read in punycode decoder
+- Resolves: CVE-2021-22918
+
 * Fri Feb 19 2021 Stephen Gallagher - 1.41.0-1
 - Update to 1.41.0
diff --git a/sources b/sources
index 81cedce..7cfc789 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libuv-v1.41.0.tar.gz) = 33613fa28e8136507300eba374351774849b6b39aab4e53c997a918d3bc1d1094c6123e0e509535095b14dc5daa885eadb1a67bed46622ad3cc79d62dc817e84
+SHA512 (libuv-v1.41.1.tar.gz) = 2626f3300f7ea144b9db89a84d56674afc3caaf03dcf8afbe070c2631605ead07eb7c10982e3348a3d46865758d10f8be41f74104831ece08635c77103cabb69