Bug 1704868

Fixed upstream with the following commit:

commit 91927b7c76437db860cd86a7714476b56bb39d07
Author: Arjun Shankar <arjun>
Date:   Tue Jul 7 20:31:48 2020 +0200

    Rewrite iconv option parsing [BZ #19519]
    
    This commit replaces string manipulation during `iconv_open' and iconv_prog
    option parsing with a structured, flag based conversion specification.  In
    doing so, it alters the internal `__gconv_open' interface and accordingly
    adjusts its uses.
    
    This change fixes several hangs in the iconv program and therefore includes
    a new test to exercise iconv_prog options that originally led to these hangs.
    It also includes a new regression test for option handling in the iconv
    function.
    
    Reviewed-by: Florian Weimer <fweimer>
    Reviewed-by: Siddhesh Poyarekar <siddhesh>
    Reviewed-by: Carlos O'Donell <carlos>

This commit is also needed. I will include it when I do the backport, but
just wanted to mention it here on bugzilla.

commit 7d4ec75e111291851620c6aa2c4460647b7fd50d
Author: Arjun Shankar <arjun>
Date:   Fri Sep 25 14:47:06 2020 +0200

    intl: Handle translation output codesets with suffixes [BZ #26383]
    
    Commit 91927b7c7643 (Rewrite iconv option parsing [BZ #19519]) did not
    handle cases where the output codeset for translations (via the `gettext'
    family of functions) might have a caller specified encoding suffix such as
    TRANSLIT or IGNORE.  This led to a regression where translations did not
    work when the codeset had a suffix.
    
    This commit fixes the above issue by parsing any suffixes passed to
    __dcigettext and adds two new test-cases to intl/tst-codeset.c to
    verify correct behaviour.  The iconv-internal function __gconv_create_spec
    and the static iconv-internal function gconv_destroy_spec are now visible
    internally within glibc and used in intl/dcigettext.c.

One final addition. This closes out all known hangs:

commit 9a99c682144bdbd40792ebf822fe9264e0376fb5
Author: Arjun Shankar <arjun>
Date:   Wed Nov 4 12:19:38 2020 +0100

    iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]
    
    The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
    share converter logic (iconvdata/ibm1364.c) which would reject
    redundant shift sequences when processing input in these character
    sets.  This led to a hang in the iconv program (CVE-2020-27618).
    
    This commit adjusts the converter to ignore redundant shift sequences
    and adds test cases for iconv_prog hangs that would be triggered upon
    their rejection.  This brings the implementation in line with other
    converters that also ignore redundant shift sequences (e.g. IBM930
    etc., fixed in commit 692de4b3960d).
    
    Reviewed-by: Carlos O'Donell <carlos>

The build also fixes bug 1894669 since the failures are similar and can be tested together.
The fix comes with two tests: iconv/tst-iconv-opt and iconv/tst-iconv_prog that both ran
and passed during build.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: glibc security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1585