diff options
author | Kai Kang <kai.kang@windriver.com> | 2018-11-14 00:46:32 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-11-16 11:46:07 +0000 |
commit | 6da5d5b3242f4f435628192c561a1d2115a9a9ee (patch) | |
tree | 1672ef5cec3f88baeca68bac76fe182c27dc45e9 | |
parent | be1c84a91eb3ddddbef5cb7d4f74ffbb0ffe5778 (diff) | |
download | poky-6da5d5b3242f4f435628192c561a1d2115a9a9ee.tar.gz |
gettext: fix CVE-2018-18751
Backport patch to fix CVE-2018-18751 for gettext. Because po-gram-gen.y
has been modified by fix-CVE-2018-18751.patch, it requires yacc which
provided by bison-native to re-create po-gram-gen.c. Please remove
bison-native from DEPENDS* when next upgrade.
Ref:
https://security-tracker.debian.org/tracker/CVE-2018-18751
(From OE-Core rev: 4b3a085d6c63fd8459bb084aaa277dd2e8949594)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-core/gettext/gettext-0.19.8.1/fix-CVE-2018-18751.patch | 141 | ||||
-rw-r--r-- | meta/recipes-core/gettext/gettext_0.19.8.1.bb | 8 |
2 files changed, 147 insertions, 2 deletions
diff --git a/meta/recipes-core/gettext/gettext-0.19.8.1/fix-CVE-2018-18751.patch b/meta/recipes-core/gettext/gettext-0.19.8.1/fix-CVE-2018-18751.patch new file mode 100644 index 0000000000..6dfe200d65 --- /dev/null +++ b/meta/recipes-core/gettext/gettext-0.19.8.1/fix-CVE-2018-18751.patch | |||
@@ -0,0 +1,141 @@ | |||
1 | Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commit;h=dce3a16] | ||
2 | CVE: CVE-2018-18751 | ||
3 | |||
4 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
5 | |||
6 | From dce3a16e5e9368245735e29bf498dcd5e3e474a4 Mon Sep 17 00:00:00 2001 | ||
7 | From: Daiki Ueno <ueno@gnu.org> | ||
8 | Date: Thu, 15 Sep 2016 13:57:24 +0200 | ||
9 | Subject: [PATCH] xgettext: Fix crash with *.po file input | ||
10 | |||
11 | When xgettext was given two *.po files with the same msgid_plural, it | ||
12 | crashed with double-free. Problem reported by Davlet Panech in: | ||
13 | http://lists.gnu.org/archive/html/bug-gettext/2016-09/msg00001.html | ||
14 | * gettext-tools/src/po-gram-gen.y: Don't free msgid_pluralform after | ||
15 | calling do_callback_message, assuming that it takes ownership. | ||
16 | * gettext-tools/src/read-catalog.c (default_add_message): Free | ||
17 | msgid_plural after calling message_alloc. | ||
18 | * gettext-tools/tests/xgettext-po-2: New file. | ||
19 | * gettext-tools/tests/Makefile.am (TESTS): Add new test. | ||
20 | --- | ||
21 | gettext-tools/src/po-gram-gen.y | 13 ++++----- | ||
22 | gettext-tools/src/read-catalog.c | 2 ++ | ||
23 | gettext-tools/tests/Makefile.am | 2 +- | ||
24 | gettext-tools/tests/xgettext-po-2 | 55 +++++++++++++++++++++++++++++++++++++++ | ||
25 | 4 files changed, 63 insertions(+), 9 deletions(-) | ||
26 | create mode 100755 gettext-tools/tests/xgettext-po-2 | ||
27 | |||
28 | diff --git a/gettext-tools/src/po-gram-gen.y b/gettext-tools/src/po-gram-gen.y | ||
29 | index becf5e6..4428e77 100644 | ||
30 | --- a/gettext-tools/src/po-gram-gen.y | ||
31 | +++ b/gettext-tools/src/po-gram-gen.y | ||
32 | @@ -221,14 +221,11 @@ message | ||
33 | check_obsolete ($1, $3); | ||
34 | check_obsolete ($1, $4); | ||
35 | if (!$1.obsolete || pass_obsolete_entries) | ||
36 | - { | ||
37 | - do_callback_message ($1.ctxt, string2, &$1.pos, $3.string, | ||
38 | - $4.rhs.msgstr, $4.rhs.msgstr_len, &$4.pos, | ||
39 | - $1.prev_ctxt, | ||
40 | - $1.prev_id, $1.prev_id_plural, | ||
41 | - $1.obsolete); | ||
42 | - free ($3.string); | ||
43 | - } | ||
44 | + do_callback_message ($1.ctxt, string2, &$1.pos, $3.string, | ||
45 | + $4.rhs.msgstr, $4.rhs.msgstr_len, &$4.pos, | ||
46 | + $1.prev_ctxt, | ||
47 | + $1.prev_id, $1.prev_id_plural, | ||
48 | + $1.obsolete); | ||
49 | else | ||
50 | { | ||
51 | free_message_intro ($1); | ||
52 | diff --git a/gettext-tools/src/read-catalog.c b/gettext-tools/src/read-catalog.c | ||
53 | index 571d18e..6af6d20 100644 | ||
54 | --- a/gettext-tools/src/read-catalog.c | ||
55 | +++ b/gettext-tools/src/read-catalog.c | ||
56 | @@ -397,6 +397,8 @@ default_add_message (default_catalog_reader_ty *this, | ||
57 | appropriate. */ | ||
58 | mp = message_alloc (msgctxt, msgid, msgid_plural, msgstr, msgstr_len, | ||
59 | msgstr_pos); | ||
60 | + if (msgid_plural != NULL) | ||
61 | + free (msgid_plural); | ||
62 | mp->prev_msgctxt = prev_msgctxt; | ||
63 | mp->prev_msgid = prev_msgid; | ||
64 | mp->prev_msgid_plural = prev_msgid_plural; | ||
65 | diff --git a/gettext-tools/tests/Makefile.am b/gettext-tools/tests/Makefile.am | ||
66 | index 23b09b1..0dfb4d8 100644 | ||
67 | --- a/gettext-tools/tests/Makefile.am | ||
68 | +++ b/gettext-tools/tests/Makefile.am | ||
69 | @@ -95,7 +95,7 @@ TESTS = gettext-1 gettext-2 gettext-3 gettext-4 gettext-5 gettext-6 gettext-7 \ | ||
70 | xgettext-perl-1 xgettext-perl-2 xgettext-perl-3 xgettext-perl-4 \ | ||
71 | xgettext-perl-5 xgettext-perl-6 xgettext-perl-7 xgettext-perl-8 \ | ||
72 | xgettext-php-1 xgettext-php-2 xgettext-php-3 xgettext-php-4 \ | ||
73 | - xgettext-po-1 \ | ||
74 | + xgettext-po-1 xgettext-po-2 \ | ||
75 | xgettext-properties-1 \ | ||
76 | xgettext-python-1 xgettext-python-2 xgettext-python-3 \ | ||
77 | xgettext-python-4 \ | ||
78 | diff --git a/gettext-tools/tests/xgettext-po-2 b/gettext-tools/tests/xgettext-po-2 | ||
79 | new file mode 100755 | ||
80 | index 0000000..c4bd9d0 | ||
81 | --- /dev/null | ||
82 | +++ b/gettext-tools/tests/xgettext-po-2 | ||
83 | @@ -0,0 +1,55 @@ | ||
84 | +#! /bin/sh | ||
85 | +. "${srcdir=.}/init.sh"; path_prepend_ . ../src | ||
86 | + | ||
87 | +# Test PO extractors with multiple input files. | ||
88 | + | ||
89 | +cat <<EOF > xg-po-2-1.po | ||
90 | +msgid "first msgid" | ||
91 | +msgid_plural "first msgid (plural)" | ||
92 | +msgstr[0] "" | ||
93 | +msgstr[1] "" | ||
94 | + | ||
95 | +msgid "second msgid" | ||
96 | +msgid_plural "second msgid (plural)" | ||
97 | +msgstr[0] "" | ||
98 | +msgstr[1] "" | ||
99 | +EOF | ||
100 | + | ||
101 | +cat <<EOF > xg-po-2-2.po | ||
102 | +msgid "third msgid" | ||
103 | +msgid_plural "third msgid (plural)" | ||
104 | +msgstr[0] "" | ||
105 | +msgstr[1] "" | ||
106 | + | ||
107 | +msgid "second msgid" | ||
108 | +msgid_plural "second msgid (plural)" | ||
109 | +msgstr[0] "" | ||
110 | +msgstr[1] "" | ||
111 | +EOF | ||
112 | + | ||
113 | +: ${XGETTEXT=xgettext} | ||
114 | +${XGETTEXT} --omit-header xg-po-2-1.po xg-po-2-2.po -o xg-po-2.tmp.po || Exit 1 | ||
115 | +LC_ALL=C tr -d '\r' < xg-po-2.tmp.po > xg-po-2.po || Exit 1 | ||
116 | + | ||
117 | +cat <<EOF > xg-po-2.ok | ||
118 | +msgid "first msgid" | ||
119 | +msgid_plural "first msgid (plural)" | ||
120 | +msgstr[0] "" | ||
121 | +msgstr[1] "" | ||
122 | + | ||
123 | +msgid "second msgid" | ||
124 | +msgid_plural "second msgid (plural)" | ||
125 | +msgstr[0] "" | ||
126 | +msgstr[1] "" | ||
127 | + | ||
128 | +msgid "third msgid" | ||
129 | +msgid_plural "third msgid (plural)" | ||
130 | +msgstr[0] "" | ||
131 | +msgstr[1] "" | ||
132 | +EOF | ||
133 | + | ||
134 | +: ${DIFF=diff} | ||
135 | +${DIFF} xg-po-2.ok xg-po-2.po | ||
136 | +result=$? | ||
137 | + | ||
138 | +exit $result | ||
139 | -- | ||
140 | 1.9.1 | ||
141 | |||
diff --git a/meta/recipes-core/gettext/gettext_0.19.8.1.bb b/meta/recipes-core/gettext/gettext_0.19.8.1.bb index 68f5cc329a..933baccd94 100644 --- a/meta/recipes-core/gettext/gettext_0.19.8.1.bb +++ b/meta/recipes-core/gettext/gettext_0.19.8.1.bb | |||
@@ -8,8 +8,11 @@ SECTION = "libs" | |||
8 | LICENSE = "GPLv3+ & LGPL-2.1+" | 8 | LICENSE = "GPLv3+ & LGPL-2.1+" |
9 | LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" | 9 | LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" |
10 | 10 | ||
11 | DEPENDS = "gettext-native virtual/libiconv" | 11 | # Because po-gram-gen.y has been modified by fix-CVE-2018-18751.patch, |
12 | DEPENDS_class-native = "gettext-minimal-native" | 12 | # it requires yacc which provided by bison-native |
13 | # Please remove bison-native from DEPENDS* when next upgrade | ||
14 | DEPENDS = "bison-native gettext-native virtual/libiconv" | ||
15 | DEPENDS_class-native = "bison-native gettext-minimal-native" | ||
13 | PROVIDES = "virtual/libintl virtual/gettext" | 16 | PROVIDES = "virtual/libintl virtual/gettext" |
14 | PROVIDES_class-native = "virtual/gettext-native" | 17 | PROVIDES_class-native = "virtual/gettext-native" |
15 | RCONFLICTS_${PN} = "proxy-libintl" | 18 | RCONFLICTS_${PN} = "proxy-libintl" |
@@ -18,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/gettext/gettext-${PV}.tar.gz \ | |||
18 | file://add-with-bisonlocaledir.patch \ | 21 | file://add-with-bisonlocaledir.patch \ |
19 | file://cr-statement.c-timsort.h-fix-formatting-issues.patch \ | 22 | file://cr-statement.c-timsort.h-fix-formatting-issues.patch \ |
20 | file://use-pkgconfig.patch \ | 23 | file://use-pkgconfig.patch \ |
24 | file://fix-CVE-2018-18751.patch \ | ||
21 | " | 25 | " |
22 | 26 | ||
23 | SRC_URI[md5sum] = "97e034cf8ce5ba73a28ff6c3c0638092" | 27 | SRC_URI[md5sum] = "97e034cf8ce5ba73a28ff6c3c0638092" |