[oe-commits] [openembedded-core] branch master-next updated: gettext: fix CVE-2018-18751
git at git.openembedded.org
git at git.openembedded.org
Thu Nov 15 09:30:16 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
The following commit(s) were added to refs/heads/master-next by this push:
new e45602b gettext: fix CVE-2018-18751
e45602b is described below
commit e45602b6adb31b887e6894cf912ee995ca7ede37
Author: Kai Kang <kai.kang at windriver.com>
AuthorDate: Wed Nov 14 00:46:32 2018 -0500
gettext: fix CVE-2018-18751
Backport patch to fix CVE-2018-18751 for gettext. Because po-gram-gen.y
has been modified by fix-CVE-2018-18751.patch, it requires yacc which
provided by bison-native to re-create po-gram-gen.c. Please remove
bison-native from DEPENDS* when next upgrade.
Ref:
https://security-tracker.debian.org/tracker/CVE-2018-18751
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
.../gettext-0.19.8.1/fix-CVE-2018-18751.patch | 141 +++++++++++++++++++++
meta/recipes-core/gettext/gettext_0.19.8.1.bb | 8 +-
2 files changed, 147 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-core/gettext/gettext-0.19.8.1/fix-CVE-2018-18751.patch b/meta/recipes-core/gettext/gettext-0.19.8.1/fix-CVE-2018-18751.patch
new file mode 100644
index 0000000..6dfe200
--- /dev/null
+++ b/meta/recipes-core/gettext/gettext-0.19.8.1/fix-CVE-2018-18751.patch
@@ -0,0 +1,141 @@
+Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commit;h=dce3a16]
+CVE: CVE-2018-18751
+
+Signed-off-by: Kai Kang <kai.kang at windriver.com>
+
+From dce3a16e5e9368245735e29bf498dcd5e3e474a4 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno at gnu.org>
+Date: Thu, 15 Sep 2016 13:57:24 +0200
+Subject: [PATCH] xgettext: Fix crash with *.po file input
+
+When xgettext was given two *.po files with the same msgid_plural, it
+crashed with double-free. Problem reported by Davlet Panech in:
+http://lists.gnu.org/archive/html/bug-gettext/2016-09/msg00001.html
+* gettext-tools/src/po-gram-gen.y: Don't free msgid_pluralform after
+calling do_callback_message, assuming that it takes ownership.
+* gettext-tools/src/read-catalog.c (default_add_message): Free
+msgid_plural after calling message_alloc.
+* gettext-tools/tests/xgettext-po-2: New file.
+* gettext-tools/tests/Makefile.am (TESTS): Add new test.
+---
+ gettext-tools/src/po-gram-gen.y | 13 ++++-----
+ gettext-tools/src/read-catalog.c | 2 ++
+ gettext-tools/tests/Makefile.am | 2 +-
+ gettext-tools/tests/xgettext-po-2 | 55 +++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 63 insertions(+), 9 deletions(-)
+ create mode 100755 gettext-tools/tests/xgettext-po-2
+
+diff --git a/gettext-tools/src/po-gram-gen.y b/gettext-tools/src/po-gram-gen.y
+index becf5e6..4428e77 100644
+--- a/gettext-tools/src/po-gram-gen.y
++++ b/gettext-tools/src/po-gram-gen.y
+@@ -221,14 +221,11 @@ message
+ check_obsolete ($1, $3);
+ check_obsolete ($1, $4);
+ if (!$1.obsolete || pass_obsolete_entries)
+- {
+- do_callback_message ($1.ctxt, string2, &$1.pos, $3.string,
+- $4.rhs.msgstr, $4.rhs.msgstr_len, &$4.pos,
+- $1.prev_ctxt,
+- $1.prev_id, $1.prev_id_plural,
+- $1.obsolete);
+- free ($3.string);
+- }
++ do_callback_message ($1.ctxt, string2, &$1.pos, $3.string,
++ $4.rhs.msgstr, $4.rhs.msgstr_len, &$4.pos,
++ $1.prev_ctxt,
++ $1.prev_id, $1.prev_id_plural,
++ $1.obsolete);
+ else
+ {
+ free_message_intro ($1);
+diff --git a/gettext-tools/src/read-catalog.c b/gettext-tools/src/read-catalog.c
+index 571d18e..6af6d20 100644
+--- a/gettext-tools/src/read-catalog.c
++++ b/gettext-tools/src/read-catalog.c
+@@ -397,6 +397,8 @@ default_add_message (default_catalog_reader_ty *this,
+ appropriate. */
+ mp = message_alloc (msgctxt, msgid, msgid_plural, msgstr, msgstr_len,
+ msgstr_pos);
++ if (msgid_plural != NULL)
++ free (msgid_plural);
+ mp->prev_msgctxt = prev_msgctxt;
+ mp->prev_msgid = prev_msgid;
+ mp->prev_msgid_plural = prev_msgid_plural;
+diff --git a/gettext-tools/tests/Makefile.am b/gettext-tools/tests/Makefile.am
+index 23b09b1..0dfb4d8 100644
+--- a/gettext-tools/tests/Makefile.am
++++ b/gettext-tools/tests/Makefile.am
+@@ -95,7 +95,7 @@ TESTS = gettext-1 gettext-2 gettext-3 gettext-4 gettext-5 gettext-6 gettext-7 \
+ xgettext-perl-1 xgettext-perl-2 xgettext-perl-3 xgettext-perl-4 \
+ xgettext-perl-5 xgettext-perl-6 xgettext-perl-7 xgettext-perl-8 \
+ xgettext-php-1 xgettext-php-2 xgettext-php-3 xgettext-php-4 \
+- xgettext-po-1 \
++ xgettext-po-1 xgettext-po-2 \
+ xgettext-properties-1 \
+ xgettext-python-1 xgettext-python-2 xgettext-python-3 \
+ xgettext-python-4 \
+diff --git a/gettext-tools/tests/xgettext-po-2 b/gettext-tools/tests/xgettext-po-2
+new file mode 100755
+index 0000000..c4bd9d0
+--- /dev/null
++++ b/gettext-tools/tests/xgettext-po-2
+@@ -0,0 +1,55 @@
++#! /bin/sh
++. "${srcdir=.}/init.sh"; path_prepend_ . ../src
++
++# Test PO extractors with multiple input files.
++
++cat <<EOF > xg-po-2-1.po
++msgid "first msgid"
++msgid_plural "first msgid (plural)"
++msgstr[0] ""
++msgstr[1] ""
++
++msgid "second msgid"
++msgid_plural "second msgid (plural)"
++msgstr[0] ""
++msgstr[1] ""
++EOF
++
++cat <<EOF > xg-po-2-2.po
++msgid "third msgid"
++msgid_plural "third msgid (plural)"
++msgstr[0] ""
++msgstr[1] ""
++
++msgid "second msgid"
++msgid_plural "second msgid (plural)"
++msgstr[0] ""
++msgstr[1] ""
++EOF
++
++: ${XGETTEXT=xgettext}
++${XGETTEXT} --omit-header xg-po-2-1.po xg-po-2-2.po -o xg-po-2.tmp.po || Exit 1
++LC_ALL=C tr -d '\r' < xg-po-2.tmp.po > xg-po-2.po || Exit 1
++
++cat <<EOF > xg-po-2.ok
++msgid "first msgid"
++msgid_plural "first msgid (plural)"
++msgstr[0] ""
++msgstr[1] ""
++
++msgid "second msgid"
++msgid_plural "second msgid (plural)"
++msgstr[0] ""
++msgstr[1] ""
++
++msgid "third msgid"
++msgid_plural "third msgid (plural)"
++msgstr[0] ""
++msgstr[1] ""
++EOF
++
++: ${DIFF=diff}
++${DIFF} xg-po-2.ok xg-po-2.po
++result=$?
++
++exit $result
+--
+1.9.1
+
diff --git a/meta/recipes-core/gettext/gettext_0.19.8.1.bb b/meta/recipes-core/gettext/gettext_0.19.8.1.bb
index 68f5cc3..933bacc 100644
--- a/meta/recipes-core/gettext/gettext_0.19.8.1.bb
+++ b/meta/recipes-core/gettext/gettext_0.19.8.1.bb
@@ -8,8 +8,11 @@ SECTION = "libs"
LICENSE = "GPLv3+ & LGPL-2.1+"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-DEPENDS = "gettext-native virtual/libiconv"
-DEPENDS_class-native = "gettext-minimal-native"
+# Because po-gram-gen.y has been modified by fix-CVE-2018-18751.patch,
+# it requires yacc which provided by bison-native
+# Please remove bison-native from DEPENDS* when next upgrade
+DEPENDS = "bison-native gettext-native virtual/libiconv"
+DEPENDS_class-native = "bison-native gettext-minimal-native"
PROVIDES = "virtual/libintl virtual/gettext"
PROVIDES_class-native = "virtual/gettext-native"
RCONFLICTS_${PN} = "proxy-libintl"
@@ -18,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/gettext/gettext-${PV}.tar.gz \
file://add-with-bisonlocaledir.patch \
file://cr-statement.c-timsort.h-fix-formatting-issues.patch \
file://use-pkgconfig.patch \
+ file://fix-CVE-2018-18751.patch \
"
SRC_URI[md5sum] = "97e034cf8ce5ba73a28ff6c3c0638092"
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list