1. photon
  2. Commit 31cd5485a0272fa954f4605ebe7de119fdb3691f
Browse code

pkg-config: Fix for CVE-2018-16428 and CVE-2018-16429

pkg-config uses internal glib. And CVE-2018-16428
and CVE-2018-16429 should be fixed for internal glib.

As the following file not present in internal glib,
so removed the changes of following file from these patches
(as compared with original patches):
glib/tests/Makefile.am

Change-Id: Ibfe22f909de309058d8c8c36aea9abebbe2c1186
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6544
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>

Ajay Kaher authored on 2019/01/22 02:36:42
Showing 3 changed files
SPECS/pkg-config/pkg-config-glib-CVE-2018-16428.patch
History View file @ 31cd548
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,67 @@
0 
+
1 
+m fccef3cc822af74699cca84cd202719ae61ca3b9 Mon Sep 17 00:00:00 2001
2 
+From: Philip Withnall <withnall@endlessm.com>
3 
+Date: Mon, 30 Jul 2018 18:33:39 +0100
4 
+Subject: [PATCH] gmarkup: Fix crash in error handling path for closing
5 
+ elements
6 
+MIME-Version: 1.0
7 
+Content-Type: text/plain; charset=UTF-8
8 
+Content-Transfer-Encoding: 8bit
9 
+
10 
+If something which looks like a closing tag is left unfinished, but
11 
+isn’t paired to an opening tag in the document, the error handling code
12 
+would do a null pointer dereference. Avoid that, at the cost of
13 
+introducing a new translatable error message.
14 
+
15 
+Includes a test case, courtesy of pdknsk.
16 
+
17 
+Signed-off-by: Philip Withnall <withnall@endlessm.com>
18 
+
19 
+https://gitlab.gnome.org/GNOME/glib/issues/1461
20 
+---
21 
+glib/gmarkup.c                      | 11 ++++++++---
22 
+ glib/tests/markups/fail-51.expected |  1 +
23 
+ glib/tests/markups/fail-51.gmarkup  |  1 +
24 
+ 3 files changed, 10 insertions(+), 3 deletions(-)
25 
+ create mode 100644 glib/tests/markups/fail-51.expected
26 
+ create mode 100644 glib/tests/markups/fail-51.gmarkup
27 
+
28 
+diff --git a/glib/gmarkup.c b/glib/gmarkup.c
29 
+index ed30ed2..a159d7b 100644
30 
+--- a/glib/gmarkup.c
31 
+@@ -1832,9 +1832,14 @@ g_markup_parse_context_end_parse (GMarkupParseContext  *context,
32 
+     case STATE_AFTER_CLOSE_TAG_SLASH:
33 
+     case STATE_INSIDE_CLOSE_TAG_NAME:
34 
+     case STATE_AFTER_CLOSE_TAG_NAME:
35 
+-      set_error (context, error, G_MARKUP_ERROR_PARSE,
36 
+-                 _("Document ended unexpectedly inside the close tag for "
37 
+-                   "element '%s'"), current_element (context));
38 
++      if (context->tag_stack != NULL)
39 
++        set_error (context, error, G_MARKUP_ERROR_PARSE,
40 
++                   _("Document ended unexpectedly inside the close tag for "
41 
++                     "element '%s'"), current_element (context));
42 
++      else
43 
++        set_error (context, error, G_MARKUP_ERROR_PARSE,
44 
++                   _("Document ended unexpectedly inside the close tag for an "
45 
++                     "unopened element"));
46 
+       break;
47 
+
48 
+     case STATE_INSIDE_PASSTHROUGH:
49 
+diff --git a/glib/tests/markups/fail-51.expected b/glib/tests/markups/fail-51.expected
50 
+new file mode 100644
51 
+index 0000000..1c7e8d4
52 
+--- /dev/null
53 
+@@ -0,0 +1 @@
54 
++ERROR Error on line 1 char 5: Document ended unexpectedly inside the close tag for an unopened element
55 
+diff --git a/glib/tests/markups/fail-51.gmarkup b/glib/tests/markups/fail-51.gmarkup
56 
+new file mode 100644
57 
+index 0000000..860e1e6
58 
+--- /dev/null
59 
+@@ -0,0 +1 @@
60 
++</0<
61 
+\ No newline at end of file
62 
+--
63 
+2.7.4
SPECS/pkg-config/pkg-config-glib-CVE-2018-16429.patch
History View file @ 31cd548
0 64 
new file mode 100644
... ... 
@@ -0,0 +1,72 @@
0 
+From cec71705406f0b2790422f0c1aa0ff3b4b464b1b Mon Sep 17 00:00:00 2001
1 
+From: Philip Withnall <withnall@endlessm.com>
2 
+Date: Mon, 30 Jul 2018 18:10:25 +0100
3 
+Subject: [PATCH] gmarkup: Fix unvalidated UTF-8 read in markup parsing error
4 
+ paths
5 
+MIME-Version: 1.0
6 
+Content-Type: text/plain; charset=UTF-8
7 
+Content-Transfer-Encoding: 8bit
8 
+
9 
+When formatting the error messages for markup parsing errors, the parser
10 
+was unconditionally reading a UTF-8 character from the input buffer —
11 
+but the buffer might end with a partial code sequence, resulting in
12 
+reading off the end of the buffer by up to three bytes.
13 
+
14 
+Fix this and add a test case, courtesy of pdknsk.
15 
+
16 
+Signed-off-by: Philip Withnall <withnall@endlessm.com>
17 
+
18 
+---
19 
+ glib/gmarkup.c                      | 14 +++++++++++++-
20 
+ glib/tests/markups/fail-50.expected |  1 +
21 
+ glib/tests/markups/fail-50.gmarkup  |  1 +
22 
+ 3 files changed, 15 insertions(+), 1 deletions(-)
23 
+ create mode 100644 glib/tests/markups/fail-50.expected
24 
+ create mode 100644 glib/tests/markups/fail-50.gmarkup
25 
+
26 
+diff --git a/glib/gmarkup.c b/glib/gmarkup.c
27 
+index a159d7b..a2b1ed0 100644
28 
+--- a/glib/gmarkup.c
29 
+@@ -557,11 +557,23 @@ char_str (gunichar c,
30 
+   return buf;
31 
+ }
32 
+
33 
++/* Format the next UTF-8 character as a gchar* for printing in error output
34 
++ * when we encounter a syntax error. This correctly handles invalid UTF-8,
35 
++ * emitting it as hex escapes. */
36 
+ static gchar*
37 
+ utf8_str (const gchar *utf8,
38 
+           gchar       *buf)
39 
+ {
40 
+-  char_str (g_utf8_get_char (utf8), buf);
41 
++  gunichar c = g_utf8_get_char_validated (utf8, -1);
42 
++  if (c == (gunichar) -1 || c == (gunichar) -2)
43 
++    {
44 
++      gchar *temp = g_strdup_printf ("\\x%02x", (guint)(guchar)*utf8);
45 
++      memset (buf, 0, 8);
46 
++      memcpy (buf, temp, strlen (temp));
47 
++      g_free (temp);
48 
++    }
49 
++  else
50 
++    char_str (c, buf);
51 
+   return buf;
52 
+ }
53 
+
54 
+diff --git a/glib/tests/markups/fail-50.expected b/glib/tests/markups/fail-50.expected
55 
+new file mode 100644
56 
+index 0000000..70d4498
57 
+--- /dev/null
58 
+@@ -0,0 +1 @@
59 
++ERROR Error on line 1 char 5: Odd character '\xfc', expected an open quote mark after the equals sign when giving value for attribute 'r' of element ''
60 
+diff --git a/glib/tests/markups/fail-50.gmarkup b/glib/tests/markups/fail-50.gmarkup
61 
+new file mode 100644
62 
+index 0000000..f110f15
63 
+--- /dev/null
64 
+@@ -0,0 +1 @@
65 
++<	r=�
66 
+\ No newline at end of file
67 
+--
68 
+2.7.4
SPECS/pkg-config/pkg-config.spec
History View file @ 31cd548
... ... 
@@ -1,7 +1,7 @@
1 1 
 Summary:	Build tool
2 2 
 Name:		pkg-config
3 3 
 Version:	0.29.2
4 
-Release:	1%{?dist}
4 
+Release:	2%{?dist}
5 5 
 License:	GPLv2+
6 6 
 URL:		http://www.freedesktop.org/wiki/Software/pkg-config
7 7 
 Group:		Development/Tools
... ... 
@@ -9,11 +9,21 @@ Vendor:		VMware, Inc.
9 9 
 Distribution:   Photon
10 10 
 Source0:	http://pkgconfig.freedesktop.org/releases/%{name}-%{version}.tar.gz
11 11 
 %define sha1 pkg-config=76e501663b29cb7580245720edfb6106164fad2b
12 
+
13 
+Patch0:         pkg-config-glib-CVE-2018-16428.patch
14 
+Patch1:         pkg-config-glib-CVE-2018-16429.patch
15 
+
12 16 
 %description
13 17 
 Contains a tool for passing the include path and/or library paths
14 18 
 to build tools during the configure and make file execution.
19 
+
15 20 
 %prep
16 21 
 %setup -q
22 
+cd glib  # patches need to apply to internal glib
23 
+%patch0 -p1
24 
+%patch1 -p1
25 
+cd ..
26 
+
17 27 
 %build
18 28 
 ./configure \
19 29 
 	--prefix=%{_prefix} \
... ... 
@@ -35,6 +45,8 @@ make %{?_smp_mflags} check
35 35 
 %{_docdir}/pkg-config-*/pkg-config-guide.html
36 36 
 %{_mandir}/man1/pkg-config.1.gz
37 37 
 %changelog
38 
+*       Fri Jan 18 2019 Ajay Kaher <akaher@vmware.com> 0.29.2-2
39 
+-       Fix internal glib for CVE-2018-16428 and CVE-2018-16429
38 40 
 *       Mon Apr 03 2017 Rongrong Qiu <rqiu@vmware.com> 0.29.2-1
39 41 
 -       upgrade for 2.0
40 42 
 *       Wed Oct 05 2016 ChangLee <changlee@vmware.com> 0.28-3