File CVE-2023-25815.patch of Package git

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-25815.patch of Package git

commit c4137be0f5a6edf9a9044e6e43ecf4468c7a4046
Author: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Date:   Wed Feb 22 12:40:55 2023 +0100

gettext: avoid using gettext if the locale dir is not present
    
    In cc5e1bf99247 (gettext: avoid initialization if the locale dir is not
    present, 2018-04-21) Git was taught to avoid a costly gettext start-up
    when there are not even any localized messages to work with.
    
    But we still called `gettext()` and `ngettext()` functions.
    
    Which caused a problem in Git for Windows when the libgettext that is
    consumed from the MSYS2 project stopped using a runtime prefix in
    https://github.com/msys2/MINGW-packages/pull/10461
    
    Due to that change, we now use an unintialized gettext machinery that
    might get auto-initialized _using an unintended locale directory_:
    `C:\mingw64\share\locale`.
    
    Let's record the fact when the gettext initialization was skipped, and
    skip calling the gettext functions accordingly.
    
    This addresses CVE-2023-25815.
    
    Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Index: git-2.35.3/gettext.c
===================================================================
--- git-2.35.3.orig/gettext.c	2023-04-24 12:56:36.564890873 +0000
+++ git-2.35.3/gettext.c	2023-04-24 12:56:41.833862950 +0000
@@ -102,6 +102,8 @@ static void init_gettext_charset(const c
 		setlocale(LC_CTYPE, "C");
 }
 
+int git_gettext_enabled = 0;
+
 void git_setup_gettext(void)
 {
 	const char *podir = getenv(GIT_TEXT_DOMAIN_DIR_ENVIRONMENT);
@@ -121,6 +123,8 @@ void git_setup_gettext(void)
 	init_gettext_charset("git");
 	textdomain("git");
 
+	git_gettext_enabled = 1;
+
 	free(p);
 }
 
Index: git-2.35.3/gettext.h
===================================================================
--- git-2.35.3.orig/gettext.h	2023-04-24 12:56:36.564890873 +0000
+++ git-2.35.3/gettext.h	2023-04-24 12:58:17.175357908 +0000
@@ -29,9 +29,11 @@
 #define FORMAT_PRESERVING(n) __attribute__((format_arg(n)))
 
 #ifndef NO_GETTEXT
+extern int git_gettext_enabled;
 void git_setup_gettext(void);
 int gettext_width(const char *s);
 #else
+#define git_gettext_enabled (0)
 static inline void git_setup_gettext(void)
 {
 }
@@ -45,12 +47,14 @@ static inline FORMAT_PRESERVING(1) const
 {
 	if (!*msgid)
 		return "";
-	return gettext(msgid);
+	return !git_gettext_enabled ? msgid : gettext(msgid);
 }
 
 static inline FORMAT_PRESERVING(1) FORMAT_PRESERVING(2)
 const char *Q_(const char *msgid, const char *plu, unsigned long n)
 {
+	if (!git_gettext_enabled)
+		return n == 1 ? msgid : plu;
 	return ngettext(msgid, plu, n);
 }

Places

File CVE-2023-25815.patch of Package git

Places