
pkg-config: Fix for CVE-2018-16428 and CVE-2018-16429

pkg-config uses internal glib. And CVE-2018-16428
and CVE-2018-16429 should be fixed for internal glib.

Because the following file is not present in the internal glib,
its changes have been removed from these patches
(compared with the original patches):
glib/tests/Makefile.am

Change-Id: I732343c0958b8aade6b9f6b0d8b1b11cba95816b
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6535
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>

Ajay Kaher authored on 2019/01/20 07:21:56
Showing 3 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,67 @@
0
+
1
+m fccef3cc822af74699cca84cd202719ae61ca3b9 Mon Sep 17 00:00:00 2001
2
+From: Philip Withnall <withnall@endlessm.com>
3
+Date: Mon, 30 Jul 2018 18:33:39 +0100
4
+Subject: [PATCH] gmarkup: Fix crash in error handling path for closing
5
+ elements
6
+MIME-Version: 1.0
7
+Content-Type: text/plain; charset=UTF-8
8
+Content-Transfer-Encoding: 8bit
9
+
10
+If something which looks like a closing tag is left unfinished, but
11
+isn’t paired to an opening tag in the document, the error handling code
12
+would do a null pointer dereference. Avoid that, at the cost of
13
+introducing a new translatable error message.
14
+
15
+Includes a test case, courtesy of pdknsk.
16
+
17
+Signed-off-by: Philip Withnall <withnall@endlessm.com>
18
+
19
+https://gitlab.gnome.org/GNOME/glib/issues/1461
20
+---
21
+glib/gmarkup.c                      | 11 ++++++++---
22
+ glib/tests/markups/fail-51.expected |  1 +
23
+ glib/tests/markups/fail-51.gmarkup  |  1 +
24
+ 3 files changed, 10 insertions(+), 3 deletions(-)
25
+ create mode 100644 glib/tests/markups/fail-51.expected
26
+ create mode 100644 glib/tests/markups/fail-51.gmarkup
27
+
28
+diff --git a/glib/gmarkup.c b/glib/gmarkup.c
29
+index ed30ed2..a159d7b 100644
30
+--- a/glib/gmarkup.c
31
+@@ -1832,9 +1832,14 @@ g_markup_parse_context_end_parse (GMarkupParseContext  *context,
32
+     case STATE_AFTER_CLOSE_TAG_SLASH:
33
+     case STATE_INSIDE_CLOSE_TAG_NAME:
34
+     case STATE_AFTER_CLOSE_TAG_NAME:
35
+-      set_error (context, error, G_MARKUP_ERROR_PARSE,
36
+-                 _("Document ended unexpectedly inside the close tag for "
37
+-                   "element '%s'"), current_element (context));
38
++      if (context->tag_stack != NULL)
39
++        set_error (context, error, G_MARKUP_ERROR_PARSE,
40
++                   _("Document ended unexpectedly inside the close tag for "
41
++                     "element '%s'"), current_element (context));
42
++      else
43
++        set_error (context, error, G_MARKUP_ERROR_PARSE,
44
++                   _("Document ended unexpectedly inside the close tag for an "
45
++                     "unopened element"));
46
+       break;
47
+ 
48
+     case STATE_INSIDE_PASSTHROUGH:
49
+diff --git a/glib/tests/markups/fail-51.expected b/glib/tests/markups/fail-51.expected
50
+new file mode 100644
51
+index 0000000..1c7e8d4
52
+--- /dev/null
53
+@@ -0,0 +1 @@
54
++ERROR Error on line 1 char 5: Document ended unexpectedly inside the close tag for an unopened element
55
+diff --git a/glib/tests/markups/fail-51.gmarkup b/glib/tests/markups/fail-51.gmarkup
56
+new file mode 100644
57
+index 0000000..860e1e6
58
+--- /dev/null
59
+@@ -0,0 +1 @@
60
++</0<
61
+\ No newline at end of file
62
+-- 
63
+2.7.4
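Review bot: This new patch file opens with an empty line followed by `m fccef3cc822af74699cca84cd202719ae61ca3b9 Mon Sep 17 00:00:00 2001`, while the second patch file in this commit starts with an intact `From <hash> ...` line. If that is really in the file and not a rendering artifact, restore the `From ` prefix so the upstream commit stays traceable and the file remains a well-formed mail-format patch. Separately, the patch still creates `glib/tests/markups/fail-51.expected` and `fail-51.gmarkup`, but the description says the `glib/tests/Makefile.am` change was dropped, so nothing visible on this page runs that regression case during `make -k check`. The new `context->tag_stack != NULL` guard is therefore presumably not exercised by this package build; either drop the two test-file hunks too, or state in the spec that the fix is not covered by `%check`.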
0 64
new file mode 100644
... ...
@@ -0,0 +1,72 @@
0
+From cec71705406f0b2790422f0c1aa0ff3b4b464b1b Mon Sep 17 00:00:00 2001
1
+From: Philip Withnall <withnall@endlessm.com>
2
+Date: Mon, 30 Jul 2018 18:10:25 +0100
3
+Subject: [PATCH] gmarkup: Fix unvalidated UTF-8 read in markup parsing error
4
+ paths
5
+MIME-Version: 1.0
6
+Content-Type: text/plain; charset=UTF-8
7
+Content-Transfer-Encoding: 8bit
8
+
9
+When formatting the error messages for markup parsing errors, the parser
10
+was unconditionally reading a UTF-8 character from the input buffer —
11
+but the buffer might end with a partial code sequence, resulting in
12
+reading off the end of the buffer by up to three bytes.
13
+
14
+Fix this and add a test case, courtesy of pdknsk.
15
+
16
+Signed-off-by: Philip Withnall <withnall@endlessm.com>
17
+
18
+---
19
+ glib/gmarkup.c                      | 14 +++++++++++++-
20
+ glib/tests/markups/fail-50.expected |  1 +
21
+ glib/tests/markups/fail-50.gmarkup  |  1 +
22
+ 3 files changed, 15 insertions(+), 1 deletions(-)
23
+ create mode 100644 glib/tests/markups/fail-50.expected
24
+ create mode 100644 glib/tests/markups/fail-50.gmarkup
25
+
26
+diff --git a/glib/gmarkup.c b/glib/gmarkup.c
27
+index a159d7b..a2b1ed0 100644
28
+--- a/glib/gmarkup.c
29
+@@ -557,11 +557,23 @@ char_str (gunichar c,
30
+   return buf;
31
+ }
32
+ 
33
++/* Format the next UTF-8 character as a gchar* for printing in error output
34
++ * when we encounter a syntax error. This correctly handles invalid UTF-8,
35
++ * emitting it as hex escapes. */
36
+ static gchar*
37
+ utf8_str (const gchar *utf8,
38
+           gchar       *buf)
39
+ {
40
+-  char_str (g_utf8_get_char (utf8), buf);
41
++  gunichar c = g_utf8_get_char_validated (utf8, -1);
42
++  if (c == (gunichar) -1 || c == (gunichar) -2)
43
++    {
44
++      gchar *temp = g_strdup_printf ("\\x%02x", (guint)(guchar)*utf8);
45
++      memset (buf, 0, 8);
46
++      memcpy (buf, temp, strlen (temp));
47
++      g_free (temp);
48
++    }
49
++  else
50
++    char_str (c, buf);
51
+   return buf;
52
+ }
53
+ 
54
+diff --git a/glib/tests/markups/fail-50.expected b/glib/tests/markups/fail-50.expected
55
+new file mode 100644
56
+index 0000000..70d4498
57
+--- /dev/null
58
+@@ -0,0 +1 @@
59
++ERROR Error on line 1 char 5: Odd character '\xfc', expected an open quote mark after the equals sign when giving value for attribute 'r' of element ''
60
+diff --git a/glib/tests/markups/fail-50.gmarkup b/glib/tests/markups/fail-50.gmarkup
61
+new file mode 100644
62
+index 0000000..f110f15
63
+--- /dev/null
64
+@@ -0,0 +1 @@
65
++<	r=�
66
+\ No newline at end of file
67
+-- 
68
+2.7.4
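Review bot: `utf8_str` now calls `g_utf8_get_char_validated (utf8, -1)`, and a `max_len` of -1 bounds the read only by a NUL terminator, so the over-read described in the patch message is closed only if every buffer reaching this helper is NUL-terminated. The callers are outside the hunk, so that cannot be confirmed from here. If the parser can be handed length-delimited text, the remaining byte count should be passed down and used as `max_len` instead of -1. The fallback branch also hard-codes the buffer size in `memset (buf, 0, 8)` and heap-allocates for a four-character escape; `g_snprintf (buf, 8, "\\x%02x", (guint)(guchar)*utf8);` would produce the same text without `g_strdup_printf`/`memcpy`/`g_free`. A comment on `utf8_str` stating that `buf` must hold at least 8 bytes would document the contract the code relies on.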
... ...
@@ -1,7 +1,7 @@
1 1
 Summary:	Build tool
2 2
 Name:		pkg-config
3 3
 Version:	0.28
4
-Release:	2%{?dist}
4
+Release:	3%{?dist}
5 5
 License:	GPLv2+
6 6
 URL:		http://www.freedesktop.org/wiki/Software/pkg-config
7 7
 Group:		Development/Tools
... ...
@@ -9,11 +9,20 @@ Vendor:		VMware, Inc.
9 9
 Distribution: Photon
10 10
 Source0:		http://pkgconfig.freedesktop.org/releases/%{name}-%{version}.tar.gz
11 11
 %define sha1 pkg-config=71853779b12f958777bffcb8ca6d849b4d3bed46
12
+Patch0:         pkg-config-glib-CVE-2018-16428.patch
13
+Patch1:         pkg-config-glib-CVE-2018-16429.patch
14
+
12 15
 %description
13 16
 Contains a tool for passing the include path and/or library paths
14 17
 to build tools during the configure and make file execution.
18
+
15 19
 %prep
16 20
 %setup -q
21
+cd glib  # patches need to apply to internal glib
22
+%patch0 -p1
23
+%patch1 -p1
24
+cd ..
25
+
17 26
 %build
18 27
 ./configure \
19 28
 	--prefix=%{_prefix} \
... ...
@@ -33,6 +42,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
33 33
 %{_docdir}/pkg-config-0.28/pkg-config-guide.html
34 34
 %{_mandir}/man1/pkg-config.1.gz
35 35
 %changelog
36
+*	Fri Jan 18 2019 Ajay Kaher <akaher@vmware.com> 0.28-3
37
+-	Fix internal glib for CVE-2018-16428 and CVE-2018-16429
36 38
 *	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 0.28-2
37 39
 -	GA - Bump release of all rpms
38 40
 *	Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 0.28-1
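Review bot: The two CVE patches are applied under `cd glib`, so they only take effect if the build compiles the bundled glib. The `./configure` options after `--prefix=%{_prefix}` are outside this hunk, so please confirm that `--with-internal-glib` is passed there. If the package were built against a system glib instead, the `0.28-3` changelog entry would advertise a fix that is not in the shipped binary. A one-line comment next to `Patch0`/`Patch1`, for example `# bundled glib only; requires --with-internal-glib in %build`, would keep that dependency visible to the next maintainer.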