[bash/f21] Patchlevel 30
Ondrej Oprala
ooprala at fedoraproject.org
Mon Oct 6 05:40:26 UTC 2014
commit 915e5b4463fd64855120a2d834cead69f8f42419
Author: Ondrej Oprala <ooprala at redhat.com>
Date: Mon Oct 6 07:06:32 2014 +0200
Patchlevel 30
bash.spec | 10 ++++-
bash43-029 | 59 +++++++++++++++++++++++++++
bash43-030 | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 200 insertions(+), 1 deletions(-)
---
diff --git a/bash.spec b/bash.spec
index caca5ed..aea8538 100644
--- a/bash.spec
+++ b/bash.spec
@@ -1,5 +1,5 @@
#% define beta_tag rc2
-%define patchleveltag .28
+%define patchleveltag .30
%define baseversion 4.3
%bcond_without tests
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
@@ -58,6 +58,9 @@ Patch027: bash-4.2-cve-2014-7169-1.patch
#patchlevel 28
Patch028: bash-4.2-cve-2014-7169-2.patch
+Patch029: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-029
+Patch030: ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-030
+
# Other patches
Patch101: bash-2.02-security.patch
@@ -169,6 +172,8 @@ This package contains documentation files for %{name}.
%patch026 -p0 -b .026
%patch027 -p0 -b .7169-1
%patch028 -p0 -b .7169-2
+%patch029 -p0 -b .029
+%patch030 -p0 -b .030
# Other patches
%patch101 -p1 -b .security
@@ -394,6 +399,9 @@ end
%doc doc/*.ps doc/*.0 doc/*.html doc/article.txt
%changelog
+* Thu Oct 06 2014 Ondrej Oprala <ooprala at redhat.com> - 4.3.30-1
+- Patchlevel 30
+
* Mon Oct 06 2014 Ondrej Oprala <ooprala at redhat.com> - 4.3.28-1
- RedHat's patchlevel 28
diff --git a/bash43-029 b/bash43-029
new file mode 100644
index 0000000..f8a9e77
--- /dev/null
+++ b/bash43-029
@@ -0,0 +1,59 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-029
+
+Bug-Reported-by: Michal Zalewski <lcamtuf at coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized. This can result in an invalid memory access when the parsed
+function is later copied.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.28/make_cmd.c 2011-12-16 08:08:01.000000000 -0500
+--- make_cmd.c 2014-10-02 11:24:23.000000000 -0400
+***************
+*** 693,696 ****
+--- 693,697 ----
+ temp->redirector = source;
+ temp->redirectee = dest_and_filename;
++ temp->here_doc_eof = 0;
+ temp->instruction = instruction;
+ temp->flags = 0;
+*** ../bash-4.3.28/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400
+--- copy_cmd.c 2014-10-02 11:24:23.000000000 -0400
+***************
+*** 127,131 ****
+ case r_reading_until:
+ case r_deblank_reading_until:
+! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
+ /*FALLTHROUGH*/
+ case r_reading_string:
+--- 127,131 ----
+ case r_reading_until:
+ case r_deblank_reading_until:
+! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+ /*FALLTHROUGH*/
+ case r_reading_string:
+*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 29
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/bash43-030 b/bash43-030
new file mode 100644
index 0000000..9e115a3
--- /dev/null
+++ b/bash43-030
@@ -0,0 +1,132 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-030
+
+Bug-Reported-by: Michal Zalewski <lcamtuf at coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+A combination of nested command substitutions and function importing from
+the environment can cause bash to execute code appearing in the environment
+variable value following the function definition.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3.29/builtins/evalstring.c 2014-10-01 12:57:47.000000000 -0400
+--- builtins/evalstring.c 2014-10-03 11:57:04.000000000 -0400
+***************
+*** 309,318 ****
+ struct fd_bitmap *bitmap;
+
+! if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+ {
+! internal_warning ("%s: ignoring function definition attempt", from_file);
+! should_jump_to_top_level = 0;
+! last_result = last_command_exit_value = EX_BADUSAGE;
+! break;
+ }
+
+--- 313,335 ----
+ struct fd_bitmap *bitmap;
+
+! if (flags & SEVAL_FUNCDEF)
+ {
+! char *x;
+!
+! /* If the command parses to something other than a straight
+! function definition, or if we have not consumed the entire
+! string, or if the parser has transformed the function
+! name (as parsing will if it begins or ends with shell
+! whitespace, for example), reject the attempt */
+! if (command->type != cm_function_def ||
+! ((x = parser_remaining_input ()) && *x) ||
+! (STREQ (from_file, command->value.Function_def->name->word) == 0))
+! {
+! internal_warning (_("%s: ignoring function definition attempt"), from_file);
+! should_jump_to_top_level = 0;
+! last_result = last_command_exit_value = EX_BADUSAGE;
+! reset_parser ();
+! break;
+! }
+ }
+
+***************
+*** 379,383 ****
+
+ if (flags & SEVAL_ONECMD)
+! break;
+ }
+ }
+--- 396,403 ----
+
+ if (flags & SEVAL_ONECMD)
+! {
+! reset_parser ();
+! break;
+! }
+ }
+ }
+*** ../bash-4.3.29/parse.y 2014-10-01 12:58:43.000000000 -0400
+--- parse.y 2014-10-03 14:48:59.000000000 -0400
+***************
+*** 2539,2542 ****
+--- 2539,2552 ----
+ }
+
++ char *
++ parser_remaining_input ()
++ {
++ if (shell_input_line == 0)
++ return 0;
++ if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
++ return '\0'; /* XXX */
++ return (shell_input_line + shell_input_line_index);
++ }
++
+ #ifdef INCLUDE_UNUSED
+ /* Back the input pointer up by one, effectively `ungetting' a character. */
+***************
+*** 4028,4033 ****
+ /* reset_parser clears shell_input_line and associated variables */
+ restore_input_line_state (&ls);
+! if (interactive)
+! token_to_read = 0;
+
+ /* Need to find how many characters parse_and_execute consumed, update
+--- 4053,4058 ----
+ /* reset_parser clears shell_input_line and associated variables */
+ restore_input_line_state (&ls);
+!
+! token_to_read = 0;
+
+ /* Need to find how many characters parse_and_execute consumed, update
+*** ../bash-4.3.29/shell.h 2014-10-01 12:57:39.000000000 -0400
+--- shell.h 2014-10-03 14:49:12.000000000 -0400
+***************
+*** 181,184 ****
+--- 181,186 ----
+
+ /* Let's try declaring these here. */
++ extern char *parser_remaining_input __P((void));
++
+ extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
+ extern void restore_parser_state __P((sh_parser_state_t *));
+*** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 29
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 30
+
+ #endif /* _PATCHLEVEL_H_ */
More information about the scm-commits
mailing list