132 lines
4.7 KiB
Text
132 lines
4.7 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-16:21.localedef Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: Incorrectly defined unicode character(s)
|
|
|
|
Category: core
|
|
Module: localedef
|
|
Announced: 2016-12-06
|
|
Credits:
|
|
Affects: FreeBSD 11.0
|
|
Corrected: 2016-11-05 09:46:48 UTC (stable/11, 11.0-STABLE)
|
|
2016-12-06 00:09:52 UTC (releng/11.0, 11.0-RELEASE-p4)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
The localedef(1) utility converts source definitions for locale categories
|
|
into a format usable by the functions and utilities whose operational
|
|
behavior is determined by the setting of the locale environment variables.
|
|
|
|
II. Problem Description
|
|
|
|
When compiling character class definitions, localedef(1) may incorrectly
|
|
coalesce non-consecutive ranges, so that unused codepoints located in a
|
|
gap between two ranges of characters belonging to a same class will be
|
|
included in that class.
|
|
|
|
III. Impact
|
|
|
|
Some Unicode codepoints that are reserved for later use may be reported as
|
|
valid by the ctype(3) / wctype(3) functions. Incorrect classification may
|
|
result in input validation errors.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available.
|
|
|
|
V. Solution
|
|
|
|
Perform one of the following:
|
|
|
|
1) Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
2) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
Restart all daemons that are running with unicode locale, or reboot the
|
|
system.
|
|
|
|
3) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/EN-16:21/localedef.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-16:21/localedef.patch.asc
|
|
# gpg --verify localedef.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Note that rebuilding the localedef(1) utility only isn't enough to
|
|
fix already installed locales on your system.
|
|
|
|
Restart all daemons that are running with unicode locale, or reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/11/ r308330
|
|
releng/11.0/ r309584
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213013>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:21.localedef.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIcBAEBCgAGBQJYRw1tAAoJEO1n7NZdz2rn+l8QAKBNhMxJ4Gkqh/B8EwU0MR/v
|
|
flI0pOWEnxSyzGdMgL8KFng1YXCp77SlSp+uG5ASNBbJDroEVGQ2LcDQWEsr2QfE
|
|
I6a7xLNXx5l3ytiR50/eZRyIhWt7/aLzrtYvabJckvxkZCUZ8Itolvha7gu8HGk/
|
|
Is5chXNQxOAYXOjJuiOY99o6oe9tXqGA+eKBkyjOyEUoYK0D402fkPaXvEajmYqD
|
|
ynS2N72zmyNp9ZT6d/UWwCPBr7VM9yXgx9cYhYBwxlYBfOeAAHIfjG6LULGyr+7Y
|
|
tDj+Q+1I1vEE3OtsnLeGFJw21sPZtnXVM4Dmly4OJoSngYrM+mb8DY96QGqAgRjh
|
|
5G4EqxIKUQQsoiCmqfFSy9zT2o0RHLjfCvMgBJS4jznijsY6YufodmG6P2Px+yMw
|
|
vW4PeCravUvCjMtJTfYDMoyxW1068m8JZk2X2ehDMCLh6gk8ytJn9z/E1TpEzEiM
|
|
5coP//KPmBQFrgYkSmj2FH1fuWCrU6Cw5JrWhATgw8+GLi5r42r44BQ5mj3rW8rz
|
|
5VVugAht06hR9jmkH8+c/OEOkhyrnU+Psvk9YfqN4yn5Etoa03taZw/L0UHRk0M1
|
|
vb/krFMtbGBeh4XOH4N8YJ+jaO2pw1bLIBKpdGB6fSgyHuN5vNhi0eO3NOy7HSuh
|
|
hEh9Vaqvzd8mefLV653c
|
|
=XdaZ
|
|
-----END PGP SIGNATURE-----
|