new file mode 100644

@@ -0,0 +1,50 @@

+diff -ru a/gettext-tools/src/po-gram-gen.y b/gettext-tools/src/po-gram-gen.y

+--- a/gettext-tools/src/po-gram-gen.y	2019-03-14 21:17:26.557259243 +0000

+@@ -221,15 +221,12 @@

+                   check_obsolete ($1, $3);

+                   check_obsolete ($1, $4);

+                   if (!$1.obsolete || pass_obsolete_entries)

+-                    {

+-                      do_callback_message ($1.ctxt, string2, &$1.pos, $3.string,

+-                                           $4.rhs.msgstr, $4.rhs.msgstr_len, &$4.pos,

+-                                           $1.prev_ctxt,

+-                                           $1.prev_id, $1.prev_id_plural,

+-                                           $1.obsolete);

+-                      free ($3.string);

+-                    }

+-                  else

++                     do_callback_message ($1.ctxt, string2, &$1.pos, $3.string,

++                                          $4.rhs.msgstr, $4.rhs.msgstr_len, &$4.pos,

++                                          $1.prev_ctxt,

++                                          $1.prev_id, $1.prev_id_plural,

++                                          $1.obsolete);

++		  else

+                     {

+                       free_message_intro ($1);

+                       free (string2);

+diff -ru a/gettext-tools/src/read-catalog.c b/gettext-tools/src/read-catalog.c

+--- a/gettext-tools/src/read-catalog.c	2019-03-14 21:17:26.561259208 +0000

+@@ -397,6 +397,8 @@

+          appropriate.  */

+       mp = message_alloc (msgctxt, msgid, msgid_plural, msgstr, msgstr_len,

+                           msgstr_pos);

++      if (msgid_plural != NULL)

++	free (msgid_plural);

+       mp->prev_msgctxt = prev_msgctxt;

+       mp->prev_msgid = prev_msgid;

+       mp->prev_msgid_plural = prev_msgid_plural;

+diff -ru a/gettext-tools/tests/Makefile.am b/gettext-tools/tests/Makefile.am

+--- a/gettext-tools/tests/Makefile.am	2019-03-14 21:17:26.609258796 +0000

+@@ -94,7 +94,7 @@

+ 	xgettext-perl-1 xgettext-perl-2 xgettext-perl-3 xgettext-perl-4 \

+ 	xgettext-perl-5 xgettext-perl-6 xgettext-perl-7 xgettext-perl-8 \

+ 	xgettext-php-1 xgettext-php-2 xgettext-php-3 xgettext-php-4 \

+-	xgettext-po-1 \

++	xgettext-po-1 xgettext-po-2 \

+ 	xgettext-properties-1 \

+ 	xgettext-python-1 xgettext-python-2 xgettext-python-3 \

+ 	xgettext-python-4 \

+Only in b/gettext-tools/tests: xgettext-po-2

@@ -1,7 +1,7 @@

 Summary:	Utilities for internationalization and localization

 Name:		gettext

 Version:	0.19.5.1

-Release:	3%{?dist}

+Release:	4%{?dist}

 License:	GPLv3

 URL:		http://www.gnu.org/software/gettext

 Group:		Applications/System

@@ -11,6 +11,7 @@ Source0:		http://ftp.gnu.org/gnu/gettext/%{name}-%{version}.tar.xz

 %define sha1 gettext=668562227972d2645ac6c5930448ba74df65a53f

 Source1:        libxml2-2.9.8.tar.gz

 %define         sha1 libxml2=66bcefd98a6b7573427cf66f9d3841b59eb5b8c3

+Patch0:		gettext-CVE-2018-18751.patch

 %description

 These allow programs to be compiled with NLS

@@ -19,6 +20,8 @@ messages in the user's native language.

 %prep

 %setup -q

 %setup -D -a 1

+%patch0 -p1

+

 rm -rf gnulib-local/lib/libxml

 mv libxml2-2.9.8 gnulib-local/lib/libxml

@@ -52,6 +55,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}

 %{_datarootdir}/%{name}/*

 %{_mandir}/*/*

 %changelog

+*	Thu Mar 14 2019 Siju Maliakkal <smaliakkal@vmware.com> 0.19.5.1-4

+-	Fix CVE-2018-18751

 *       Wed May 23 2018 Xiaolin Li <xiaolinl@vmware.com> 0.19.5.1-3

 -       Rebuild gettext with libxml2-2.9.8

 *	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 0.19.5.1-2