fix potential issues detected by static analyzers in gettext-0.21-4.el9

resolves: rhbz#1938724
2021-05-26 10:30:44 +05:30 · 2021-05-26 10:30:44 +05:30 · 228e19420f
parent f01a097b98
commit 228e19420f
3 changed files with 215 additions and 37 deletions
--- a/gettext-0.21-covscan.patch
+++ b/gettext-0.21-covscan.patch
@ -0,0 +1,68 @@
+diff --git a/gettext-tools/src/msgl-cat.c b/gettext-tools/src/msgl-cat.c
+index 990d39e..9814502 100644
+--- a/gettext-tools/src/msgl-cat.c
+++ b/gettext-tools/src/msgl-cat.c
+@@ -306,6 +306,7 @@ catenate_msgdomain_list (string_list_ty *file_list,
+                                    mp->msgid);
+                       multiline_error (xstrdup (""),
+                                        xasprintf ("%s\n", errormsg));
+                      free (errormsg);
+                     }
+                 }
+               else
+diff --git a/gettext-tools/src/x-csharp.c b/gettext-tools/src/x-csharp.c
+index 5cf72ad..7a0e5d3 100644
+--- a/gettext-tools/src/x-csharp.c
+++ b/gettext-tools/src/x-csharp.c
+@@ -560,6 +560,7 @@ comment_line_end (size_t chars_to_remove)
+   buffer[buflen] = '\0';
+   savable_comment_add (buffer);
+   lexical_context = lc_outside;
+  free (buffer);
+ }
+ 
+ 
+diff --git a/gettext-tools/src/x-java.c b/gettext-tools/src/x-java.c
+index eff1e6f..7e1bb78 100644
+--- a/gettext-tools/src/x-java.c
+++ b/gettext-tools/src/x-java.c
+@@ -460,6 +460,7 @@ comment_line_end (size_t chars_to_remove)
+     --buflen;
+   buffer[buflen] = '\0';
+   savable_comment_add (buffer);
+  free (buffer);
+ }
+ 
+ 
+diff --git a/gettext-tools/src/x-rst.c b/gettext-tools/src/x-rst.c
+index cde1ee6..fca441e 100644
+--- a/gettext-tools/src/x-rst.c
+++ b/gettext-tools/src/x-rst.c
+@@ -651,6 +651,7 @@ extract_rsj (FILE *f,
+           else
+             goto invalid_rsj;
+ 
+          free (s1);
+           /* Parse a comma.  */
+           c = phase2_getc ();
+           if (c == '}')
+@@ -667,6 +668,7 @@ extract_rsj (FILE *f,
+ 
+   fp = NULL;
+   real_file_name = NULL;
+  free (logical_file_name);
+   logical_file_name = NULL;
+   line_number = 0;
+ 
+diff --git a/gettext-tools/src/xg-arglist-callshape.c b/gettext-tools/src/xg-arglist-callshape.c
+index 06b7076..2189aac 100644
+--- a/gettext-tools/src/xg-arglist-callshape.c
+++ b/gettext-tools/src/xg-arglist-callshape.c
+@@ -118,6 +118,7 @@ split_keywordspec (const char *spec,
+                   memcpy (xcomment, xcomment_start, xcomment_len);
+                   xcomment[xcomment_len] = '\0';
+                   string_list_append (&xcomments, xcomment);
+                  free (xcomment);
+                 }
+               else
+                 break;
--- a/gettext-0.21-disable-libtextstyle.patch
+++ b/gettext-0.21-disable-libtextstyle.patch
@ -0,0 +1,128 @@
+diff --git a/Makefile.am b/Makefile.am
+index 815e3c7..e897de7 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -19,7 +19,7 @@
+ AUTOMAKE_OPTIONS = 1.5 gnu no-dependencies
+ ACLOCAL_AMFLAGS = -I m4
+ 
+-SUBDIRS = gnulib-local gettext-runtime libtextstyle gettext-tools
+SUBDIRS = gnulib-local gettext-runtime gettext-tools
+ 
+ changelog_etc = \
+   gettext-runtime/ChangeLog.0 \
+@@ -123,7 +123,6 @@ distcheck-hook:
+ 	test "`sed 1,16d $(srcdir)/gettext-runtime/intl/xsize.h | md5sum`" = "`sed 1,16d $(srcdir)/gettext-tools/gnulib-lib/xsize.h | md5sum`"
+ 	cmp -s $(srcdir)/gettext-runtime/man/help2man $(srcdir)/gettext-tools/man/help2man
+ 	cmp -s $(srcdir)/gettext-runtime/man/x-to-1.in $(srcdir)/gettext-tools/man/x-to-1.in
+-	cmp -s $(srcdir)/libtextstyle/m4/libtextstyle.m4 $(srcdir)/gettext-tools/gnulib-m4/libtextstyle.m4
+ 	cmp -s $(srcdir)/gettext-tools/examples/hello-java-awt/m4/TestAWT.java $(srcdir)/gettext-tools/examples/hello-java-swing/m4/TestAWT.java
+ 	cmp -s $(srcdir)/gettext-tools/examples/hello-java-awt/m4/TestAWT.class $(srcdir)/gettext-tools/examples/hello-java-swing/m4/TestAWT.class
+ 	test "`sed 1,15d $(srcdir)/gnulib-local/lib/alloca.in.h | md5sum`" = "`sed 1,15d $(srcdir)/gettext-runtime/libasprintf/alloca.in.h | md5sum`"
+diff --git a/configure.ac b/configure.ac
+index 49689fb..2d23b44 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -37,7 +37,7 @@ dnl Checks for typedefs, structures, and compiler characteristics.
+ 
+ dnl Checks for library functions.
+ 
+-AC_CONFIG_SUBDIRS([gettext-runtime libtextstyle gettext-tools])
+AC_CONFIG_SUBDIRS([gettext-runtime gettext-tools])
+ 
+ AM_EXTRA_RECURSIVE_TARGETS([maintainer-update-po])
+ 
+@@ -49,7 +49,7 @@ AC_CANONICAL_HOST
+ dnl Optional Features: AC_ARG_ENABLE calls
+ dnl Optional Packages: AC_ARG_WITH calls
+ dnl Some influential environment variables: AC_ARG_VAR calls
+-esyscmd([{ cd gettext-runtime && autoconf --trace=AC_ARG_ENABLE:'$n([$1],[$2])' --trace=AC_ARG_WITH:'$n([$1],[$2])' --trace=AC_ARG_VAR:'$n($@)' && cd ..; cd libtextstyle && autoconf --trace=AC_ARG_ENABLE:'$n([$1],[$2])' --trace=AC_ARG_WITH:'$n([$1],[$2])' --trace=AC_ARG_VAR:'$n($@)' && cd ..; { cd gettext-tools && autoconf --trace=AC_ARG_ENABLE:'$n([$1],[$2])' --trace=AC_ARG_WITH:'$n([$1],[$2])' --trace=AC_ARG_VAR:'$n($@)' && cd ..; } | grep -v installed.libtextstyle | grep -v installed.csharp | grep -v 'installed C#'; } | sed -f build-aux/ac-help.sed ])
+esyscmd([{ cd gettext-runtime && autoconf --trace=AC_ARG_ENABLE:'$n([$1],[$2])' --trace=AC_ARG_WITH:'$n([$1],[$2])' --trace=AC_ARG_VAR:'$n($@)' && cd ..; { cd gettext-tools && autoconf --trace=AC_ARG_ENABLE:'$n([$1],[$2])' --trace=AC_ARG_WITH:'$n([$1],[$2])' --trace=AC_ARG_VAR:'$n($@)' && cd ..; } | grep -v installed.csharp | grep -v 'installed C#'; } | sed -f build-aux/ac-help.sed ])
+ 
+ AC_CONFIG_FILES([Makefile])
+ 
+diff --git a/gettext-tools/Makefile.am b/gettext-tools/Makefile.am
+index 449a797..c5719c2 100644
+--- a/gettext-tools/Makefile.am
+++ b/gettext-tools/Makefile.am
+@@ -19,7 +19,7 @@
+ AUTOMAKE_OPTIONS = 1.5 gnu no-dependencies
+ ACLOCAL_AMFLAGS = -I m4 -I ../gettext-runtime/m4 -I ../m4 -I gnulib-m4 -I libgrep/gnulib-m4 -I libgettextpo/gnulib-m4
+ 
+-SUBDIRS = intl gnulib-lib libgrep src libgettextpo po its projects styles emacs misc man m4 tests system-tests gnulib-tests examples doc
+SUBDIRS = intl gnulib-lib libgrep libgettextpo src po its projects styles emacs misc man m4 tests system-tests gnulib-tests examples doc
+ 
+ EXTRA_DIST = misc/DISCLAIM
+ MOSTLYCLEANFILES = core *.stackdump
+diff --git a/gettext-tools/libgettextpo/textstyle.in.h b/gettext-tools/libgettextpo/textstyle.in.h
+index 536b51b..585ce66 100644
+--- a/gettext-tools/libgettextpo/textstyle.in.h
+++ b/gettext-tools/libgettextpo/textstyle.in.h
+@@ -213,7 +213,8 @@ typedef ostream_t file_ostream_t;
+ static inline file_ostream_t
+ file_ostream_create (FILE *fp)
+ {
+-  return fp;
+  /* Closing the stream we return should not close 'fp'.  */
+  return fdopen (dup (fileno (fp)), "w");
+ }
+ 
+ /* --------------------------- From fd-ostream.h --------------------------- */
+@@ -413,6 +414,30 @@ html_styled_ostream_create (ostream_t destination _GL_UNUSED,
+   return NULL;
+ }
+ 
+/* ----------------------- From noop-styled-ostream.h ----------------------- */
+
+/* noop_styled_ostream_t is a subtype of ostream_t.  */
+typedef ostream_t noop_styled_ostream_t;
+
+#define noop_styled_ostream_write_mem ostream_write_mem
+#define noop_styled_ostream_flush ostream_flush
+#define noop_styled_ostream_free ostream_free
+#define noop_styled_ostream_begin_use_class styled_ostream_begin_use_class
+#define noop_styled_ostream_end_use_class styled_ostream_end_use_class
+#define noop_styled_ostream_get_hyperlink_ref styled_ostream_get_hyperlink_ref
+#define noop_styled_ostream_get_hyperlink_id styled_ostream_get_hyperlink_id
+#define noop_styled_ostream_set_hyperlink styled_ostream_set_hyperlink
+#define noop_styled_ostream_flush_to_current_style styled_ostream_flush_to_current_style
+
+static inline ostream_t
+noop_styled_ostream_create (ostream_t destination, bool pass_ownership)
+{
+  if (pass_ownership)
+    return destination;
+  else
+    return fdopen (dup (fileno (destination)), "w");
+}
+
+ /* ------------------------------ From color.h ------------------------------ */
+ 
+ #define color_test_mode false
+diff --git a/gettext-tools/src/Makefile.am b/gettext-tools/src/Makefile.am
+index 764ffad..eccfbbd 100644
+--- a/gettext-tools/src/Makefile.am
+++ b/gettext-tools/src/Makefile.am
+@@ -292,19 +292,9 @@ cldr_plurals_SOURCES = cldr-plural.y cldr-plural-exp.c cldr-plurals.c
+ cldr_plurals_CFLAGS = $(AM_CFLAGS) $(INCXML)
+ cldr_plurals_LDADD = libgettextsrc.la $(LDADD)
+ 
+-if USE_INSTALLED_LIBTEXTSTYLE
+-LT_LIBTEXTSTYLE = @LTLIBTEXTSTYLE@
+-else
+-# How to get the include files of libtextstyle.
+-textstyle.h textstyle/stdbool.h textstyle/version.h textstyle/woe32dll.h:
+-	here=`pwd`; \
+-	cd ../../libtextstyle/lib && \
+-	  $(MAKE) install-nobase_includeHEADERS install-nobase_nodist_includeHEADERS includedir="$$here"
+-BUILT_SOURCES    += textstyle.h textstyle/stdbool.h textstyle/version.h textstyle/woe32dll.h
+-MOSTLYCLEANFILES += textstyle.h textstyle/stdbool.h textstyle/version.h textstyle/woe32dll.h
+-# Where to find the built libtextstyle library.
+-LT_LIBTEXTSTYLE = ../../libtextstyle/lib/libtextstyle.la
+-endif
+# Use the dummy libtextstyle from gnulib, as libgettextpo does.
+LT_LIBTEXTSTYLE =
+AM_CPPFLAGS += -I../libgettextpo -I$(top_srcdir)/libgettextpo
+ 
+ # How to build libgettextsrc.la.
+ # Need ../gnulib-lib/libgettextlib.la.
--- a/gettext.spec
+++ b/gettext.spec
@ -4,7 +4,7 @@
 Summary: GNU libraries and utilities for producing multi-lingual messages
 Name: gettext
 Version: 0.21
-Release: 5%{?dist}
+Release: 6%{?dist}
 # The following are licensed under LGPLv2+:
 # - libintl and its headers
 # - libasprintf and its headers
@ -19,7 +19,7 @@ Release: 5%{?dist}
 # - libtextstyle info files
 # Everything else is GPLv3+
 License: GPLv3+ and LGPLv2+ and GFDL
-URL: http://www.gnu.org/software/gettext/
+URL: https://www.gnu.org/software/gettext/
 Source: https://ftp.gnu.org/pub/gnu/gettext/%{name}-%{version}.tar.xz
 Source2: msghack.py
 Source3: msghack.1
@ -29,10 +29,12 @@ Source3: msghack.1

 # https://lists.gnu.org/archive/html/bug-gnulib/2020-07/msg00195.html
 Patch1: gettext-0.21-gnulib-perror-tests.patch
+Patch2: gettext-0.21-disable-libtextstyle.patch
+Patch3: gettext-0.21-covscan.patch

 # for bootstrapping
 # BuildRequires: autoconf >= 2.62
-# BuildRequires: automake
+BuildRequires: automake
 # BuildRequires: libtool
 # BuildRequires: bison

@ -116,6 +118,7 @@ Requires: xz
 Requires: diffutils
 Obsoletes: gettext-autopoint < 0.18.1.1-3
 Provides: gettext-autopoint = %{version}-%{release}
+Obsoletes: libtextstyle-devel < %{version}-%{release}

 %description devel
 This package contains all development related files necessary for
@ -129,31 +132,12 @@ Summary: Libraries for %{name}
 # libasprintf is LGPLv2+
 # libgettextpo is GPLv3+
 License: LGPLv2+ and GPLv3+
+Obsoletes: libtextstyle < %{version}-%{release}

 %description libs
 This package contains libraries used internationalization support.


-%package -n libtextstyle
-Summary: Text styling library
-License: GPLv3+
-
-%description -n libtextstyle
-Library for producing styled text to be displayed in a terminal
-emulator.
-
-
-%package -n libtextstyle-devel
-Summary: Development files for libtextstyle
-License: GPLv3+ and GFDL
-Requires: libtextstyle%{?_isa} = %{version}-%{release}
-
-%description -n libtextstyle-devel
-This package contains all development related files necessary for
-developing or compiling applications/libraries that needs text
-styling.
-
-
 %package -n emacs-%{name}
 Summary: Support for editing po files within GNU Emacs
 BuildArch: noarch
@ -226,8 +210,8 @@ sed -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \
    aclocaldir=%{_datadir}/aclocal EXAMPLESFILES=""


-install -pm 755 %SOURCE2 ${RPM_BUILD_ROOT}/%{_bindir}/msghack
-install -pm 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_mandir}/man1/msghack.1
+install -pm 755 %SOURCE2 ${RPM_BUILD_ROOT}%{_bindir}/msghack
+install -pm 644 %SOURCE3 ${RPM_BUILD_ROOT}%{_mandir}/man1/msghack.1


 # make preloadable_libintl.so executable
@ -245,7 +229,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_datadir}/doc/gettext/examples

 rm -rf htmldoc
 mkdir htmldoc
-mv ${RPM_BUILD_ROOT}%{_datadir}/doc/gettext/* ${RPM_BUILD_ROOT}/%{_datadir}/doc/libasprintf/* htmldoc
+mv ${RPM_BUILD_ROOT}%{_datadir}/doc/gettext/* ${RPM_BUILD_ROOT}%{_datadir}/doc/libasprintf/* htmldoc
 rm -r ${RPM_BUILD_ROOT}%{_datadir}/doc/libasprintf
 rm -r ${RPM_BUILD_ROOT}%{_datadir}/doc/gettext

@ -296,8 +280,9 @@ make check LIBUNISTRING=-lunistring
 %ldconfig_scriptlets libs

 %files -f %{name}.lang
+%license COPYING
 %doc AUTHORS gettext-runtime/BUGS
-%doc COPYING gettext-tools/misc/DISCLAIM README
+%doc gettext-tools/misc/DISCLAIM README
 %doc NEWS THANKS
 %doc gettext-runtime/man/*.1.html
 %doc gettext-runtime/intl/COPYING*
@ -374,16 +359,6 @@ make check LIBUNISTRING=-lunistring
 %{_datadir}/%{name}/libintl.jar
 %endif

-%files -n libtextstyle
-%{_libdir}/libtextstyle.so.0*
-
-%files -n libtextstyle-devel
-%{_docdir}/libtextstyle/
-%{_includedir}/textstyle/
-%{_includedir}/textstyle.h
-%{_infodir}/libtextstyle*
-%{_libdir}/libtextstyle.so
-
 %files -n emacs-%{name}
 %dir %{_emacs_sitelispdir}/%{name}
 %{_emacs_sitelispdir}/%{name}/*.elc
@ -396,6 +371,13 @@ make check LIBUNISTRING=-lunistring
 %{_mandir}/man1/msghack.1*

 %changelog
+* Mon May 17 2021 Sundeep Anand <suanand@redhat.com> - 0.21-6
+- Add gettext-0.21-covscan.patch to fix issues detected by static analyzers
+  Add gettext-0.21-disable-libtextstyle.patch
+  Do not build libtextstyle, as it depends on libcroco
+  which is now unmaintained and has known security bugs.
+  Obsolete libtextstyle and libtextstyle-devel packages.
+
 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.21-5
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937