!72 Fix CVE-2020-27618

From: @liusirui91
Reviewed-by: @liqingqing_1229
Signed-off-by: @liqingqing_1229

Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch

@@ -0,0 +1,56 @@
+From 9a99c682144bdbd40792ebf822fe9264e0376fb5 Mon Sep 17 00:00:00 2001
+From: Arjun Shankar <arjun@redhat.com>
+Date: Wed, 4 Nov 2020 12:19:38 +0100
+Subject: [PATCH] iconv: Accept redundant shift sequences in IBM1364 [BZ
+ #26224]
+
+The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
+share converter logic (iconvdata/ibm1364.c) which would reject
+redundant shift sequences when processing input in these character
+sets.  This led to a hang in the iconv program (CVE-2020-27618).
+
+This commit adjusts the converter to ignore redundant shift sequences
+and adds test cases for iconv_prog hangs that would be triggered upon
+their rejection.  This brings the implementation in line with other
+converters that also ignore redundant shift sequences (e.g. IBM930
+etc., fixed in commit 692de4b3960d).
+
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+---
+ iconvdata/ibm1364.c     | 14 ++------------
+ 1 files changed, 2 insertions(+), 12 deletions(-)
+
+diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
+index 49e7267ab45..521f0825b7f 100644
+--- a/iconvdata/ibm1364.c
++++ b/iconvdata/ibm1364.c
+@@ -158,24 +158,14 @@ enum
+ 									      \
+     if (__builtin_expect (ch, 0) == SO)					      \
+       {									      \
+-	/* Shift OUT, change to DBCS converter.  */			      \
+-	if (curcs == db)						      \
+-	  {								      \
+-	    result = __GCONV_ILLEGAL_INPUT;				      \
+-	    break;							      \
+-	  }								      \
++	/* Shift OUT, change to DBCS converter (redundant escape okay).  */   \
+ 	curcs = db;							      \
+ 	++inptr;							      \
+ 	continue;							      \
+       }									      \
+     if (__builtin_expect (ch, 0) == SI)					      \
+       {									      \
+-	/* Shift IN, change to SBCS converter.  */			      \
+-	if (curcs == sb)						      \
+-	  {								      \
+-	    result = __GCONV_ILLEGAL_INPUT;				      \
+-	    break;							      \
+-	  }								      \
++	/* Shift IN, change to SBCS converter (redundant escape okay).  */    \
+ 	curcs = sb;							      \
+ 	++inptr;							      \
+ 	continue;							      \
+-- 
+2.25.1
+

glibc.spec

@@ -59,7 +59,7 @@
 ##############################################################################
 Name: 	 	glibc
 Version: 	2.28
-Release: 	46
+Release: 	47
 Summary: 	The GNU libc libraries
 License:	%{all_license}
 URL: 		http://www.gnu.org/software/glibc/
@@ -96,6 +96,7 @@ Patch19: Workaround-deprecation-warnings-introduced-in-libselinux-3.1.patch
 Patch20: backport-0001-Fix-handling-of-collating-symbols-in-fnmatch-bug-266.patch
 Patch21: backport-sysvipc-Fix-SEM_STAT_ANY-kernel-argument-pass-BZ-26637.patch
 Patch22: backport-i686-tst-strftime3-fix-printf-warning.patch
+Patch23: Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch
 
 Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
 
@@ -1091,6 +1092,10 @@ fi
 %doc hesiod/README.hesiod
 
 %changelog
+* Tue Nov 10 2020 liusirui<liusirui@huawei.com> - 2.28-47
+- Fix CVE-2020-27618, iconv accept redundant shift sequences in IBM1364 [BZ #26224]
+  https://sourceware.org/bugzilla/show_bug.cgi?id=26224
+
 * Tue Oct 27 2020 Qingqing Li <liqingqing3@huawei.com> - 2.28-46
 - fix handling of collating symbols in fnmatch.
   upstream link is: https://sourceware.org/bugzilla/show_bug.cgi?id=26620